Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Privacy Businesses

Marriott Discloses Missing Data Files 162

An anonymous reader writes "Marriott International has admitted that it is missing backup computer tapes containing credit card account information and the Social Security numbers of about 206,000 time-share owners and customers, as well as employees of the company." From the Washington Post story: "Officials at Marriott Vacation Club International said it is not clear whether the tapes, missing since mid-November, were stolen from the company's Orlando headquarters or whether they were simply lost. An internal investigation produced no clear answer. The company notified the Secret Service over the past two weeks, and has also told credit card companies and other financial institutions about the loss of the tapes."
This discussion has been archived. No new comments can be posted.

Marriott Discloses Missing Data Files

Comments Filter:
  • by rritterson ( 588983 ) * on Sunday January 01, 2006 @09:50PM (#14376663)
    Can anyone tell me why Marriot has the SSNs of Customers?

    Time-share owners, maybe, employees definately, but customers? Why?

    • by User 956 ( 568564 ) on Sunday January 01, 2006 @09:54PM (#14376677) Homepage
      Time-share owners, maybe, employees definately, but customers? Why?

      Look, they're just making sure you don't steal any towels. Towel theft is a big deal.
    • by QuantumG ( 50515 ) <qg@biodome.org> on Sunday January 01, 2006 @09:55PM (#14376680) Homepage Journal
      Unless your business model including some sort of recurring billing there is absolutely no justification for storing every digit of a credit card number. The first and last digits are more than enough for data matching purposes.
    • I believe this concerns time share loans, in which case a SSN would be required in the credit process.
      • by cayenne8 ( 626475 ) on Sunday January 01, 2006 @10:08PM (#14376727) Homepage Journal
        " I believe this concerns time share loans, in which case a SSN would be required in the credit process."

        Well, even if so...why did they keep the numbers? I've run into things where people wanted my SSN....which I pretty much refuse to give to anyone not associated with ssn taxes....but, to get around it...I just give a deposit in lieu of SSN.

        • They would need to keep the SSNs to share with their loan servicer(s?) and backup companies.

          In most cases, when you take out a loan with somebody, your data is likely being shared with everybody they do business with related to the servicing of the loan... especially if you're a "high risk" customer (e.g., low credit score).

        • Well, even if so...why did they keep the numbers? I've run into things where people wanted my SSN....which I pretty much refuse to give to anyone not associated with ssn taxes....but, to get around it...I just give a deposit in lieu of SSN.

          As far as loans, they keep the numbers because if a person defaults on the loan that's the only data they have that's unique to the person who defaulted. For example, if the debt gets sold cheaply to a debt collection agency, the collection agency needs that number t
        • by llefler ( 184847 ) on Sunday January 01, 2006 @11:27PM (#14376917)
          They need to keep your SSN for tax purposes. Depending on your agreement, the loan to 'buy' your timeshare is considered a mortgage. So they need to report interest to the IRS. Not to mention, a credit agency is going to use your SSN to avoid simple name collisions.

          As far as keeping your credit card number, they could be requiring it to cover maintenance fees or it's possible customers are automatically having their loan payments charged to their credit card. I do that with a couple of my monthly expenses so I don't have to write a check. (having both electronic withdrawals and automatic billing to credit cards, I prefer the latter)

          While I suppose you can get around these by buying the timeshare outright, and prepaying maintenance fees, most customers do not want to do that.
          • Not to mention, a credit agency is going to use your SSN to avoid simple name collisions.

            Maybe in your world it's okay for SSN's to be routinely dancing around in credit agency computers to prevent 'simple name collisions' but not in mine.

            They're in big trouble if the only 'tag' they have to distinguish between customers is the SSN. There aren't that many cases where people with a common street address have the same exact name. They can use Zipcode+4 if they really have that shaky a system that they need
            • There aren't that many cases where people with a common street address have the same exact name. They can use Zipcode+4 if they really have that shaky a system that they need a distingushing number to use.

              Because we all know people don't move. Ever.
            • DOB and SSN are what distinguish my name from my fathers. I'd say it's safe to say that we have both had the same address in the past. There are plenty of other people with the same experience. My best friend, for example.

              Zipcode +4 doesn't necessarily distinguish a unique street address. Address comparisons are notoriously unreliable. My address for instance is on a Drive. It could be spelled out or abbreviated DR. It could be left off, or it could be confused with a nearby Lane or LN. All of which would
    • It is the Time Share division of Marriott, and they are required to have SSN's for those customers for mortgage interest reporting purposes.
    • Can anyone tell me why Marriot has the SSNs of Customers?
      What makes you think they do? I've stayed at Marriots and never been asked for my SSN, so I doubt the SSN loss refers to normal customers.
    • by toddbu ( 748790 ) on Sunday January 01, 2006 @10:55PM (#14376842)
      Can anyone tell me why Marriot has the SSNs of Customers?

      I think that you're asking the wrong question here. Shouldn't you be asking "why does it matter if they keep your SSN?" Our whole system of using SSNs to identify people is broken, and if Congress would get off their lazy duffs and fix the problem then maybe it wouldn't matter if someone had my SSN number or not. A simple change to credit reporting laws that would require a second level of verification of the identity of a consumer before granting credit, like what happens when you put a fraud alert on your credit report, would go a long way toward fixing this problem. But those who issue credit are afraid that if you got rid of easy credit then their market would collapse. I'll agree that some people would be inconvenienced by such a system (like those who move around a lot), but it sure would reduce fraud. At the very least, I should have the option of making a fraud alert permanent, and to have complete control over who can view my credit history. Then maybe it wouldn't make such a difference if someone got my personal information.

      • Why stop there? Why does any entity need to hold on to my SSN? Why not just make it illegal to do so? I work with large databases every day (100k+ "souls") and it is insane to me that we keep the SSN for all these people. What a security nightmare/identity thief's dream. I've argued with my boss several times that we should dump the SSN and just keep a few hashes instead (md5/sh1/whatever). He doesn't like that idea for valid reasons (mainly compatibility with other systems that don't know shit about
        • by lazlo ( 15906 ) on Monday January 02, 2006 @12:23AM (#14377071) Homepage
          I've argued with my boss several times that we should dump the SSN and just keep a few hashes instead (md5/sh1/whatever). He doesn't like that idea for valid reasons (mainly compatibility with other systems that don't know shit about a hashed SSN).

          I could be wrong about this, but here's another reason to think of. Hashing the SSN's in the database doesn't raise the bar much for ID thieves. There are 1G possible SSN's. According to my calculations (and the output of "openssl speed md5"), calculating and storing the MD5 of all of them would take my computer about 30 minutes and would take up about 20GB of drive space. After which, looking up an ssn from the hash would be fairly easy.

          My first thought was "add some salt", but SSN's aren't passwords (although they're used like passwords fairly often), they're indexes. So if I've got info on my John Doe, and want to see what info you have on that same John Doe, unless we happened to use the same salt we're screwed.

          The only solution I can see would be to use deterministic salt. store the MD5 of, for instance, the person's SSN.DOB. That would make it so that the problem for the attacker is (assuming he only cares about people 18-65 years old) 17,155 times harder. So now the database is over 300 TB, and it takes a year to calculate (on my machine). But it means that everyone has to start collecting DOB (which they mostly do anyway - but it would now be necessary) and would have to agree to use MD5(SSN.DOB) as a person's identifier. Thinking about it, that might not be so bad... But it'll still take an act of God or congress to get everyone to start doing it. And I'm guessing God might be more likely.
          • According to my calculations (and the output of "openssl speed md5"), calculating and storing the MD5 of all of them would take my computer about 30 minutes and would take up about 20GB of drive space. After which, looking up an ssn from the hash would be fairly easy.


            Since using a hash secret to change the digest is just as easy and basic, your
            point is?
      • A simple change to credit reporting laws that would require a second level of verification of the identity of a consumer before granting credit, like what happens when you put a fraud alert on your credit report, would go a long way toward fixing this problem.

        From what I've heard, people placing fraud alerts can frequently find places that ignore the credit warning and give out a card with little or no checking. And if everyone had fraud alerts, finding places that don't check would be even easier. Qui
        • Quite simply, credit reporting companies need to be 100% liable for reporting false information, and credit vendors (including banks and mortgage companies) need to be 100% liable for offering credit to and identity thief.

          I'm not sure how you make credit reporting agencies liable for false information since they're just reporting what other people tell them. As for making the credit vendors liable for granting credit to identity thieves, I think that you can only do this in a world where the credit vendo

    • Can anyone tell me why Marriot has the SSNs of Customers?

      They probably don't. As the article says, the backup tapes contained credit card numbers and SSNs of workers, time share owners and customers. That reasonably means that they've lost the credit card numbers of time share owners and customers and the SSNs of time share owners and employees.

      So they've lost this data, but it seems to me that they're being reactive in a positive way - they've notified the right people in government, they've contacted fi
    • Can anyone tell me why Marriot has the SSNs of Customers?

      They don't [marriott.com] Credit card, yes. SSN, no. I logged 71 days in a Marriot last year, and never once have they asked for a SSN.
  • by Winlin ( 42941 ) on Sunday January 01, 2006 @09:51PM (#14376666)
    I stayed in a Holiday Inn Express last night.
  • Great. (Score:4, Informative)

    by User 956 ( 568564 ) on Sunday January 01, 2006 @09:51PM (#14376667) Homepage
    With $105 billion in this type of crime in 2005, I'm glad the Department of Homeland Security has had their budget cut to $16 million [cnn.com]. That should stop those crooks!
    • Re:Great. (Score:3, Insightful)

      by dc29A ( 636871 )
      Why is the job of Homeland Security to secure the data storage of a random company? Start putting out heavy fines on companies who fail to securely store customer data and the problem will go away. Right now there is no "incentive" for companies to keep personal data stored safely. A little PR can take care of a hack.

      Companies need to be held liable for the safety and security of their customer's data. The problem then will go away.
      • Re:Great. (Score:4, Insightful)

        by User 956 ( 568564 ) on Sunday January 01, 2006 @10:01PM (#14376699) Homepage
        Companies need to be held liable for the safety and security of their customer's data. The problem then will go away.

        I'm hearing you. I think the way the SSN system works with the financial system is horribly inefficient, insecure, and pront to abuse. But you need to cover both ends. Security on the front end, and proper policing on the back end. Cutting the DHS budget certainly isn't going to help-- especially when hundreds of millions are allocated for projects like the bridge to nowhere. [usatoday.com]
        • Re:Great. (Score:2, Insightful)

          by gasjews ( 941147 )
          Can we say inefficient and bloated government administration?

          I always vote down school tax proposals becuase our local school system has yet to manage to improve the quality of education or teaching while managing to find all sorts of things to spend money on like new toys for the administration to play with, overpriced school complexes (65 million dollars for a school that reasonably holds 3000 at best?), marketing campaigns, etc.

          DHS doesn't need more money. They need to be smart. Unfortunately, bureaucrac
          • Unfortunately, bureaucracies are just an extension of modern democracy and modern democracies are largely incapable of meaningful consensus or leadership.

            Judging by your website, I'm suddenly not sure a society-wide consensus is a good thing.
      • Re:Great. (Score:3, Insightful)

        by Ravatar ( 891374 )
        That won't necessarily eliminate carelessness on the companies' part. If the fine is less than the cost to properly secure the data, nothing will change.

        The only group that benefits in this case is the government.
    • Re:Great. (Score:5, Insightful)

      by dangitman ( 862676 ) on Sunday January 01, 2006 @10:05PM (#14376711)
      With $105 billion in this type of crime in 2005, I'm glad the Department of Homeland Security has had their budget cut to $16 million. That should stop those crooks!

      Given the lack of competence of DHS, eliminating their funding can only be a good thing. They only seem to make things worse, and haven't really shown any evidence of being effective at doing anything other that waste money and erode civil liberties.

    • With $105 billion in this type of crime in 2005, I'm glad the Department of Homeland Security has had their budget cut to $16 million. That should stop those crooks!
      After all, the ability to monitor at will of all forms of communications between every American resident and "potential terrorists," is FAR more important than such trivial matter as preventing identity thieft or credit fraud. (Yes, I am being sarcastic.)
    • Re:Great. (Score:5, Informative)

      by Dhalka226 ( 559740 ) on Sunday January 01, 2006 @10:47PM (#14376817)

      I'm glad the Department of Homeland Security has had their budget cut to $16 million.

      That's misleading. Their RESEARCH budget for CYBERSECURITY is cut to $16 million, and that's only down 7% from last year, which means under $2 million in cuts.

      You can argue it should be higher if you wish, but don't make it sound like the entire DHS--or even cybercrime enforcement in general--is funded that sparsely.

      • I'm glad the Department of Homeland Security has had their budget cut to $16 million.

        That's misleading. Their RESEARCH budget for CYBERSECURITY is cut to $16 million, and that's only down 7% from last year, which means under $2 million in cuts.

        Not only that, unless you look at the budget lines, this type of number
        can be totally misleading. For instance, the previous year's budget may
        have included $5 million in extraordinary expenses, meaning that this
        year's number actually represents an increase.

        Numbers i

    • Comment removed based on user account deletion

    • With $105 billion in this type of crime in 2005, I'm glad the Department of Homeland Security has had their budget cut to $16 million. That should stop those crooks!


      I think that you are mistaken [dhs.gov].

      Cyber Security is enhanced in the budget to augment a 24/7 cyber threat watch, warning, and response capability that would identify emerging threats and vulnerabilities and coordinate responses to major cyber security incidents. An increase of $5 million is proposed in the budget for this effort, bringing the progra
    • Re:Great. (Score:3, Insightful)

      by Jeff DeMaagd ( 2015 )
      With $105 billion in this type of crime in 2005, I'm glad the Department of Homeland Security has had their budget cut to $16 million.

      Is this a real budget cut, or a cut in projected increases?

      Government budget cuts are the most preposterous lies I've seen in a long time. Say the next year's budget is slated to increase 8%. Let's just say that increase is reduced to 4%. Politicians, pundits and media people can then claim (or complain of) a 4% cut, despite that in reality, it was still an increase, the c
    • With $105 billion in this type of crime in 2005, I'm glad the Department of Homeland Security has had their budget cut to $16 million.
      It doesn't matter - this type of crime isn't in their brief. If you need to have some horses judged, that's when you should call them.
  • by rleesBSD ( 909405 ) on Sunday January 01, 2006 @09:56PM (#14376686) Journal
    Now wifey will never know.
  • by dlaur ( 135032 ) on Sunday January 01, 2006 @10:02PM (#14376703)
    Let me ask a simple question: Why don't they encrypt this stuff?
    • Encryption is not always the answer. A single block error could render an entire encrypted archive useless. There is also the problem of managing the encryption keys. Security is about more then just denying access to data. Ensuring access to data is an aspect of data security that is just as important.
      • by Anonymous Coward
        > A single block error could render an entire encrypted archive useless.

        Huh? Where in the world did you come-up with that?

        That would only be true if your encryption uses CBC (Cipher Block Chaining) mode. That's where you XOR each block with the ciphertext of the previous block. An error in one block affects that block and every subsequent block like you describe.

        When you use ECB (Electronic Code Book), the regular DES algorithm, you encrypt each 64-bit block independently. Errors only affect the data
      • A single block error could render an entire encrypted archive useless.

        I no cryptographer, but I personally have worked with encryption standards that work on 64bit blocks. If that was corrupted, the rest of the data would be fine...

        Also, I would propose that the problem of key management is less of a problem than the problem of unencrypted data out in the wild. If you lose it - who cares!

  • by TheFlyingGoat ( 161967 ) on Sunday January 01, 2006 @10:10PM (#14376728) Homepage Journal
    Many companies out there wouldn't even know if their tapes had been misplaced or lost. At 3 companies I've worked for, we've had tapes lying around in managers' offices and server rooms, many that contain information that could be used for identity theft.

    Marriott has handled this correctly and deserves some credit for doing so. At least they're not trying to cover it up like some companies would.
    • by humphrm ( 18130 ) on Sunday January 01, 2006 @10:45PM (#14376812) Homepage
      Umm, I hate to say it, but a tape missing since last November constitutes a cover-up. Marriott only came out and admitted to the loss because their internal investigation turned up nothing.

      ABN Amro lost a tape with my data on it. The news was out that week. DHL found it, and even though the news agencies didn't cover it much, I got a follow-up letter from ABN Amro AND they extended the free credit tracking service from 3 months to 1 year.

      Marriott on the other hand waited over a month before they even notified the Secret Service, for crying out loud.

      No kudos to Marriott for this one. They're lucky that their month-long cover-up isn't criminal (yet).

  • fraud monitoring (Score:5, Insightful)

    by spoonyfork ( 23307 ) <spoonyfork@@@gmail...com> on Sunday January 01, 2006 @10:12PM (#14376730) Journal

    I'm glad to read Marriot is offering credit fraud monitoring to the affected people like how Ford offered to its employees when they recently lost 70,000 employee/retiree SSNs. [freep.com] Unless it is lifetime monitoring I fail to see the long term value.

    Wait a second, why don't the credit bureaus offer free lifetime credit fraud monitoring to everyone in the first place?

    • Wait a second, why don't the credit bureaus offer free lifetime credit fraud monitoring to everyone in the first place?

      Because they are not not-for-profit's?

    • They don't do free monitoring, but if you're willing to do the legwork of monitoring yourself, you can monitor your credit file yourself, free of charge. clicky [annualcreditreport.com]
      • It's retarded that you can only pull the file once per year though (per place, I know, but still that's only 2 times a year and I've had some pretty big discrepancies between those three...). It's a negligible amount of data to transmit just so you can keep tabs on it. I don't mind not having some machine automatically watching my accounts (and for $15 - $20 a month, it's not worth it, what a racket) but I can't be vigilant if I can't get the data more frequently. It's a goddamn scam and is set up to rape e
    • Well, the SSN is not actually confidential information. Most of the shop workers, hospital workers, school workers etc can access tens or even hundreds social Security Numbers.
  • by moosesocks ( 264553 ) on Sunday January 01, 2006 @10:26PM (#14376760) Homepage
    Forgive me for being uninformed, but why would the Secret Service be the agency responsible for investigating this type of incident?

    Unless Valerie Plame had a timeshare.....
    • Re:Secret Service? (Score:3, Informative)

      by rritterson ( 588983 ) *
      The Secret Service also serves as the branch of law enforcement that investigates financial fraud and counterfeiting. From The Secret Service web page [secretservice.gov]:

      "The Secret Service also investigates violations of laws relating to counterfeiting of obligations and securities of the United States; financial crimes that include, but are not limited to, access device fraud, financial institution fraud, identity theft, computer fraud; and computer-based attacks on our nation's financial, banking, and telecommunications in
    • The Secret Service is part of Treasury. They also deal with things like counterfeiting rings. As Treasury is going to be involved in large-scale financial fraud investigation, and Secret Service is an enforcement arm of Treasury, this makes sense to me.

      It all seems like stuff the FBI ought to be doing, but I think that's mainly an artifact of how crime has changed. Federal law enforcement was originally designed to go after the mob, and you get the mob by following the money. So it makes sense for Tre

    • Their mission [secretservice.gov] includes:

      The Secret Service also investigates violations of laws relating to counterfeiting of obligations and securities of the United States; financial crimes that include, but are not limited to, access device fraud, financial institution fraud, identity theft, computer fraud; and computer-based attacks on our nation's financial, banking, and telecommunications infrastructure.

  • I read about this in the post almost a week ago. Its finally posted to slashdot on a Sunday, and a "holiday" Sunday at that.

    Discuss.

    </Linda Richman>
  • That's nothing... (Score:5, Informative)

    by Anonymous Coward on Sunday January 01, 2006 @10:34PM (#14376775)
    AC for obvious reasons...

    I work the front desk at a competing 4-star hotel chain. I work the night shift ($10/hr to sit there babysitting the desk and reading/fiddling on my laptop, great job for students ;-)). Anyway, the first day, FIRST DAY! I was working there I had access to all the back-up tapes for the past month with every guests name, address, phone number, what government agency/corporation they work for, and CC#'s/expiration dates. The tapes are all sitting in a filing cabinet in the front office.

    So many people touch the tapes, front desk staff/accounting/reservations/IT, that if one went missing it would be impossible to track back to an individual. What's more, if I just picked up my own tape and made a dupe at night in 35 minutes while I'm there alone nobody would ever know.

    This is a 400 room hotel in a major U.S. city, access to literally tens of thousands of names, addresses and associating credit card numbers, all for filling out a standard job application that I may or may not have filled out accurately. Unbelievable.
    • This is a 400 room hotel in a major U.S. city, access to literally tens of thousands of names, addresses and associating credit card numbers, all for filling out a standard job application that I may or may not have filled out accurately. Unbelievable.

      After my wife and I returned from Malaysia in 2004 we started seeing charges on her credit card from resorts and shops in Japan. It took months to get our bank to accept that these charges were not legitimate.

      I have no problem believing your story.

    • every guests name, address, phone number, what government agency/corporation they work for, and CC#'s/expiration dates

      If the CC information is unencrypted and usable, I'm sure that the various CC companies would be interested in knowing about it. Various retail companies that I know have all sorts of security that they have to comply with to do business with a CC company. Some data is in the form where one person has access to the encrypted form, another has half of the key, and a third has the other half
    • Re:That's nothing... (Score:3, Informative)

      by imipak ( 254310 )
      Sadly all too believable. As you move out of education into the real commercial world you'll notice this sort of crap happens routinely, virtually everywhere you look. Word of advice: be careful how you go about it if you try to raise such things with management. It's rare that you'll get thanked for it, because they will have to spend time & money on fixing stuff that in their eyes, doesn't need fixing. Go read Bruce Schneier's writings about externalities (CryptoGrams passim). He's been harping on abo
  • by ScrewMaster ( 602015 ) on Sunday January 01, 2006 @10:40PM (#14376795)
    that if these large corporations can't be trusted to play with their computers safely, maybe they should have them taken away. At the very least, I think some adult supervision should be required by law. And if that doesn't work, send them back to using typewriters and filing cabinets.
  • by michaelaiello ( 841620 ) on Sunday January 01, 2006 @10:47PM (#14376815) Homepage
    Lists of incidents

    A report (with pretty graphs) from a recent financial engineering class. Data was from Feb to Sep 2005...
    The 83 recorded loss events were categorized by loss event type and by industry sector. The data is relevant over 232 days. This yields a probability of a loss event occurring in any sector on any given day 35.7%. If only events affecting financial services institutions are counted, the probability is 7.5%.

    http://privacydata.michaelaiello.com/paper.pdf [michaelaiello.com]

    Bring forth the math corrections
  • I don't know... (Score:2, Insightful)

    by Chabil Ha' ( 875116 )
    and maybe I'm just ignorant, but WHY DON'T THEY ENCRYPT ALL THAT INFORMATION WHEN IT LEAVES THE MAIN DATA WAREHOUSE? It seems to me that by encrypting its contents, you put some security around it should it be lost/stolen/etc. Can anyone explain why this isn't done?
      • It's additional work to generate and manage keys.
      • It burns CPU cycles and may slow down a backup process that is already too slow.
      • The backup software may not support it.
      • Lack of funding or interest by management.
      • No security policy.
      • Lack of funding or interest by management is, right now, on the reverse. CEOs and boards of directors are asking their CIOs if their tapes are safe, and if they encrypt the data. The answer is "give me the money" and then things change.

        But it does take time, and companies do need money to invest in this. Without legislation, the road to change can be a long one and can depend as much on consumer interest than anything else...

      • Too, file storage systems are so redundant nowadays that backup tapes are seldom referenced.
    • and maybe I'm just ignorant, but WHY DON'T THEY ENCRYPT ALL THAT INFORMATION WHEN IT LEAVES THE MAIN DATA WAREHOUSE? It seems to me that by encrypting its contents, you put some security around it should it be lost/stolen/etc. Can anyone explain why this isn't done?

      If you encrypt a database backup and there is an error on the tape, the backup could easily be useless.

      For this same reason, many Linux users still do not compress backups of their data. Even though there is media these days that is much
      • Re:I don't know... (Score:3, Informative)

        by Vellmont ( 569020 )

        If you encrypt a database backup and there is an error on the tape, the backup could easily be useless.

        Only under certain modes of block cyphers. If you use an electronic code book mode of a block cipher you only lose the block with the error on it. It's not as secure of course, but it's a lot better than nothing.
        • Use a stream cipher (Score:3, Interesting)

          by Myria ( 562655 )
          When backing up, generate a random "tape" key. Encrypt this "tape key" using a block cipher and your official key. Store the encrypted tape key several times at several locations on the tape. The locations of the key must be known without needing to read the tape to find them.

          With that set up, encrypt the main contents of the tape with a stream cipher (say, RC4) with the tape key.

          This way, damage to a certain area of the tape will not result in a complete loss of data. Using a random key for each tape e
    • There's no technical reason why they don't do it. The short answer is that the companies are too cheap and short sighted to do it. Changing their data backup system to have the proper key management to assure both data security, and recoverability would cost money. Big companies like these are often run by bean counters who don't understand the risk. After a few more of these very public losses, maybe they'll start listening to the security guys in the company.
  • 1. The tape monkey didn't make the backups in the first place and tried to cover his ass by reporting them stolen. 2. The tape monkey re-used the tapes for another backup session. 3. The janitor stole the tapes thinking that it may be a porn movie. 4. The CFO took the tapes to hide a case of insider trading. 5. The CEO took the tapes thinking that they are from the security cameras and he didn't want a trist exposed. 6. ???
    • 6. they are misfiled in a million tape library.
      7. the boxes were improperly labeled when they were sent to offsite storage and are misfiled.
      8. they were accidentally destroyed with other old tapes.
      9. the tapes were mislabeled. (internal label doesn't match physical label)

      BTW, that's Tape Ape. You're confusing that with Code Monkey.
  • AFAIK timeshares have pretty bad reputation because of the shady methods of selling them. So, many people who had their identity stolen may have already been (perfectly legally) swindled.
  • Some years back when at University, we did a case study on an IT project that Marriott did in partnership with Rental car agencies - a booking system tie in.

    It was terribly over budget, and delayed a long time.

    A significant factor was the project manager lieing about timeline milestones and being within budget.

    Later, once it was too late, a report slammed marriot for not reviewing the project reports, which stated time and time again that "all is well". Marriott had next to no QC or risk analysis.
  • What if this stuff falls into the wrong hands? There's only a little flippancy built into the preceeding question. Very few criminals are intelligent or innovative. Most survive by a code of silence and a threat of violence. While still an undergraduate in Toronto I foolishly took a night job as a doorman/bouncer in a downtown club that had as a clientelle "made guys" in the Vagas knockoff bar upstairs and a well known motorcycle gang as patrons of the bar downstairs. At the time I wanted to be a writer and
    • Very few criminals are intelligent or innovative. Most survive by a code of silence and a threat of violence.

      This "code of silence" you reference is the reason you never met any criminals that have anything to them. Street hustlers don't steal backup tapes. They run game on undergraduate writers with romanticized notions about crime.

  • In one of my first jobs as a programmer my first assignment was to go to a local ISP and help them restructure their customer database. So on my first day I ask the lead programmer to give me the DB structure. End of the day comes and he hands me a disk. I get back to the office and find that it contains the ENTIRE DATABSE: ~100,000 names, addresses, CC numbers, and SSN's. (After that we did an extensive security audit of their software...)
  • All backup software should encrypt the backups. Unfortunately, backup software is still very primitive.

    Backup software should also automatically do a compare and determine if the backup is actually usable. In about 5% of our tests, Acronis TrueImage software, for example, has made a backup that it won't read.

    It's simple enough to solve Marriot's problem. Pass a law that anyone storing more than 100 credit card numbers must use encryption. Provide cross-platform open source backup software that meets t
    • It's simple enough to solve Marriot's problem. Pass a law that anyone storing more than 100 credit card numbers must use encryption.

      I find it pretty entertaining how the same group of people (not necessarily you in person) who bitches about so many unnecessary laws, like, say, something from Indiana, starts proposing new laws whenever their personal issue is messed with.

    • Additional comments to my parent post:

      Companies storing sensitive data could be expected to use software that provided error correction codes (like those generated by ICE ECC [ice-graphics.com]).

      Laws about this would enable companies to spend the money without worrying that they were making themselves uncompetitive because of expenses. They would know their competitors must do it also.

      Top managers are generally not wise about technology; they need someone to guide them toward doing the right thing.
  • ENCRYPTION!!!! (Score:3, Insightful)

    by carlislematthew ( 726846 ) on Monday January 02, 2006 @12:57AM (#14377136)
    I'm getting fed up of these irresponsible companies backing up sensitive data with NO ENCRYPTION. We're talking about International companies here, sending plain-text data around on tapes. Sometimes, companies have been caught sending tapes through UPS!

    It's realistic to expect that there is sensitive data out there - the answer is not to say "don't store my SSN", although that should certainly be restricted.

    It seems to me that the answer is ENCRYPTION! Encrypt the data and you can back it up on fucking postcards and send it to my grandmother for all I care..

    • I'm getting fed up of these irresponsible companies backing up sensitive data with NO ENCRYPTION. We're talking about International companies here, sending plain-text data around on tapes. Sometimes, companies have been caught sending tapes through UPS!

      The reason that tapes are sent offsite in the first place is to guard against disasters at the home office, e.g. fire, flood, etc.

      If you encrypt the data and the encryption keys are stored at the office and that office is destroyed, then you've reduced yo

  • by TallMatthew ( 919136 ) on Monday January 02, 2006 @05:45AM (#14377698)
    IT Manager: "Datasafe's here to pick up the backup tapes."

    Marriott soon-to-be-ex SA: "Um, didn't they already come this week?"

  • .. This is just another of many many cases of digital leakage of data on human beings. Data that may be used to thenm harm the party the information is about,

    What do you suppose the solution direction is going to be, considerning that even having some sort of unique ID won't stop worngful use of such information?
  • These arguments miss the real point.
    You have permitted a government to define, control and essentially own your identity.
    There is no commercial or honest need for this.

    Most of us using Slashdot have multiple identities (user names) for the different boards we log into on the net. For each one we have established a reputation for good or ill that serves as our good-will or "credit" on that board.
    If the government wishes to issue a Tax ID, OK. But only I and they need to know it.
    If a credit company

"...a most excellent barbarian ... Genghis Kahn!" -- _Bill And Ted's Excellent Adventure_

Working...